ElHunter

Real-time domain & IP threat analysis via VirusTotal and AbuseIPDB

ElHunter — Threat Intelligence & Phishing Detector ElHunter is a real-time cybersecurity extension that checks every website you visit against VirusTotal and AbuseIPDB threat intelligence databases. If a domain or IP address is flagged as malicious, access is blocked immediately and a detailed threat report is shown — including VirusTotal vendor count, AbuseIPDB abuse confidence score, resolved IP address, hosting country, ISP, and Cloudflare detection. Malicious sites are blocked using Chrome's declarativeNetRequest API before the page loads. On repeat visits, known threats are blocked instantly at the network level — no API call required. ElHunter also detects phishing threats in email. On Gmail, Outlook, Yahoo Mail, and ProtonMail, every link inside an open email is automatically scanned via VirusTotal and AbuseIPDB. Results appear inline at the top of the page. Optionally, the full email can be analyzed by an AI model of your choice to receive a 0–100% phishing probability score with a one-sentence explanation. AI analysis only runs when you explicitly click Analyze — email content is never sent automatically. Country-based rules let you block or monitor traffic from specific countries by server hosting location (IP geolocation) or domain TLD. Each rule can be configured to notify only, block completely, or send a Telegram alert. Scan results are cached locally for 14 days so that revisiting a known site never triggers a redundant API call. No data is collected by ElHunter. API keys are stored locally in your browser and sent only to their respective services. All threat checks run directly from your browser — no proxy, no telemetry, no middleman. ElHunter is open source. Source code and full documentation are available on GitHub: https://github.com/elstati0n/ELHunter